
A Multi-Tier Security Analysis of Official Car Management Apps for Android

Authors
  • Efstratios Chatzoglou

    (Department of Information & Communication Systems Engineering, University of the Aegean, 813 00 Samos, Greece)

  • Georgios Kambourakis

    (European Union, Joint Research Centre, 21027 Ispra, Italy)

  • Vasileios Kouliaridis

    (Department of Information & Communication Systems Engineering, University of the Aegean, 813 00 Samos, Greece)

Abstract

Using automotive smartphone applications (apps) provided by car manufacturers may offer numerous advantages to the vehicle owner, including improved safety, fuel efficiency, anytime monitoring of vehicle data, and timely over-the-air delivery of software updates. On the other hand, the continuous tracking of the vehicle data by such apps may also pose a risk to the car owner if, say, sensitive pieces of information are leaked to third parties or the app is vulnerable to attacks. To our knowledge, this work contributes the first full-fledged security assessment of all the official single-vehicle management apps offered by major car manufacturers who operate in Europe. The apps are scrutinised statically, not only to identify surfeits, say, in terms of the permissions requested, but also from a vulnerability assessment viewpoint. On top of that, we run each app to identify possible weak security practices in the owner-to-app registration process. The results reveal a multitude of issues, ranging from an over-claim of sensitive permissions and the use of possibly privacy-invasive API calls, to numerous potentially exploitable CWE and CVE-identified weaknesses and vulnerabilities, the excessive (in some cases) employment of third-party trackers, and a number of other flaws related to the use of third-party software libraries, unsanitised input, and weak user password policies, to mention just a few.

Suggested Citation

  • Efstratios Chatzoglou & Georgios Kambourakis & Vasileios Kouliaridis, 2021. "A Multi-Tier Security Analysis of Official Car Management Apps for Android," Future Internet, MDPI, vol. 13(3), pages 1-35, February.
  • Handle: RePEc:gam:jftint:v:13:y:2021:i:3:p:58-:d:505865

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/13/3/58/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/1999-5903/13/3/58/
    Download Restriction: no

    Citations



    Cited by:

    1. Zia Muhammad & Zahid Anwar & Bilal Saleem & Jahanzeb Shahid, 2023. "Emerging Cybersecurity and Privacy Threats to Electric Vehicles and Their Impact on Human and Environmental Sustainability," Energies, MDPI, vol. 16(3), pages 1-30, January.
